tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <>
Subject Re: JAVA_OPTS catalina.bat vs tomcat7w.exe
Date Mon, 25 Feb 2013 20:15:59 GMT
On Mon, Feb 25, 2013 at 3:08 PM, Howard W. Smith, Jr. <> wrote:

> can you please clarify 'the server is open to abuse from pretty much
> anyone who can reach it'? can you refer to me a blog or an article that
> discusses app abuse via jmx? i have hardware firewall in place and the jmx
> port is not open/available at the hardware firewall level. I usually login
> remotely to production server, and open Java visual VM to check status of
> the app (via JMX).
I just searched google for:

tomcat jmx abuse attack

and I see a lot of search results mentioning 'jboss', but found a document
(that mentions tomcat, too) [1] that I could skim/read for now. Thanks.

[1] [PDF] *Abusing*

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message